$20,000 Bounty Awarded For Finding Steam CD Key Vulnerability

  • 41

Moskovsky has discovered an vulnerability on Steam that allows access to the developer portal to produce an unlimited number of game keys. Instead of utilizing this deficit, he made the right move and brought the situation to the attention of Valve officials.

Moskovsky, when testing a web application, came across this vulnerability that can be used by anyone who has access to the portal. To benefit from this, a single entry is sufficient. Only by changing a parameter, one can have the game, then entering any ID for any parameter results in as much game keys as you wish.

In order to reveal the seriousness of the situation, he shared that he has obtained 36.000 Portal 2 codes in one of his experiments. Valve awarded him a $ 20,000 prize.

Moskovsky reported this deficit on August 7 and was awarded $ 20,000 on August 10th. The report has been prepared 2 weeks ago, so we are aware of this situation. Meanwhile, Moskovsky has previously identified another critical vulnerability and received a $ 25,000 award. Which means he's good at what he's doing. Let's see how much the next prize will be :)

Replies • 1